Total
11936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14398 | 1 Razer | 1 Synapse | 2020-05-20 | 4.6 MEDIUM | 7.8 HIGH |
| rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection. | |||||
| CVE-2007-2893 | 1 Bochs Project | 1 Bochs | 2020-05-19 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow." | |||||
| CVE-2002-1200 | 1 Oneidentity | 1 Syslog-ng | 2020-05-19 | 7.5 HIGH | N/A |
| Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2018-14362 | 5 Canonical, Debian, Mutt and 2 more | 10 Ubuntu Linux, Debian Linux, Mutt and 7 more | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. | |||||
| CVE-2012-0952 | 1 Nvidia | 1 Display Driver | 2020-05-18 | 4.4 MEDIUM | 5.0 MEDIUM |
| A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53. | |||||
| CVE-2017-17833 | 5 Canonical, Debian, Lenovo and 2 more | 61 Ubuntu Linux, Debian Linux, Bm Nextscale Fan Power Controller and 58 more | 2020-05-15 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. | |||||
| CVE-2016-4439 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-05-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. | |||||
| CVE-2016-4441 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-05-14 | 2.1 LOW | 6.0 MEDIUM |
| The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. | |||||
| CVE-2016-4454 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-05-14 | 3.6 LOW | 6.0 MEDIUM |
| The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. | |||||
| CVE-2017-14202 | 1 Zephyrproject | 1 Zephyr | 2020-05-13 | 4.6 MEDIUM | 7.8 HIGH |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. | |||||
| CVE-2017-14199 | 1 Zephyrproject | 1 Zephyr | 2020-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0. | |||||
| CVE-2013-7260 | 1 Realnetworks | 1 Realplayer | 2020-05-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877. | |||||
| CVE-2020-8896 | 1 Google | 1 Earth | 2020-05-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth Pro 7.3.3. | |||||
| CVE-2017-8798 | 1 Miniupnp Project | 1 Miniupnpd | 2020-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |||||
| CVE-2016-10375 | 1 Yodl Project | 1 Yodl | 2020-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c. | |||||
| CVE-2020-3273 | 1 Cisco | 4 5508 Wireless Controller, 5508 Wireless Controller Firmware, 5520 Wireless Controller and 1 more | 2020-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS). The vulnerability is due to incomplete input validation of the 802.11 GAS frames that are processed by an affected device. An attacker could exploit this vulnerability by sending a crafted 802.11 GAS frame over the air to an access point (AP), and that frame would then be relayed to the affected WLC. Also, an attacker with Layer 3 connectivity to the WLC could exploit this vulnerability by sending a malicious 802.11 GAS payload in a Control and Provisioning of Wireless Access Points (CAPWAP) packet to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS. | |||||
| CVE-2016-7567 | 1 Openslp | 1 Openslp | 2020-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. | |||||
| CVE-2017-6193 | 1 Apng Disassembler Project | 1 Apng Disassembler | 2020-04-29 | 6.8 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk. | |||||
| CVE-2017-6192 | 1 Apng Disassembler Project | 1 Apng Disassembler | 2020-04-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor. | |||||
| CVE-2017-8364 | 1 Rzip Project | 1 Rzip | 2020-04-26 | 6.8 MEDIUM | 7.8 HIGH |
| The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. | |||||